10 Dos and Don'ts of Online Shopping

Learn how to protect your identity—and money—online

Online shopping is convenient and easy, but it can quickly turn into a nightmare if done carelessly. We spoke with Michelle Madhok, online shopping expert and founder and CEO of SHEfinds.com and MOMfinds.com, and Michael Gregg, cyber-security expert and founder and COO of Superior Solutions, Inc., to find out the most important dos and don'ts when it comes to safely navigating your way through the World Wide Web of online shopping.

More From Woman's Day

1. Do Know Where You Are
Hackers try to spoof legitimate sites and use names similar to those of established retailers to get your financial information. "Always check the name of the site and Web address to make sure it looks correct," Gregg says. Also, look out for domain extensions like .ru, .cc or .cn (instead of .com), because they're not often used by legitimate retailers.

2. Don't Shop on Public Computers
Entering personal information on a public computer, like one at a coffee shop or bookstore, puts you at risk of having your information stolen. Those networks are easy for hackers to gain access to, and businesses offering wireless service rarely monitor or control access. "Shared computers that can be found at hotels, libraries and other locations can be infected with spyware or have keystroke loggers installed," says Gregg. These programs report your credit card information to whoever installed them. If you absolutely have to use a public computer, try scanning it first with a free tool like Microsoft Malicious Software Removal.

3. Do Verify the Site Is Secure
Look for "https" in the address bar, or look for a tiny padlock icon in the lower right-hand corner of your browser before you check out to confirm the site has a certificate verifying its identity as an online business. A site's certificate can be invalidated if it expires, is not verifiable or has been reported to have some type of problem. If you receive a pop-up warning, it's best to avoid the site altogether. It's also best to avoid sites that don't list contact phone numbers. As an extra precautionary measure, Madhok recommends searching the name of the site you're on along with the word "fraud" to see if other people have had trouble with it. Websites like RipoffReport.com keep tabs on fraudulent sites, so check there too.

4. Don't Believe Everything You Read
Cyber-criminals may try to lure you to their site by offering fantastic deals or unbelievably great prices. "If it seems too good to be true, it probably is a fake site or some type of scam," says Gregg. His advice is to stick with well-known companies, or research a lesser-known site through the Better Business Bureau, Yelp.com or Angie's List.

5. Do Know What Information to Provide
Names, addresses, phone numbers and credit card numbers are legitimate information for sites to ask for, but you should never give out your social security number, bank routing numbers or driver's license number.

6. Don't Pay with a Debit Card
If you do, "you're not protected by law against fraud or undelivered goods the way you are with a credit card," says Madhok. For auctions, like on eBay, she recommends using PayPal rather than sending a check, because you'll be covered if you never receive your purchase or if the item is fake.

7. Do Keep Track of Your Statements
If you ever notice a discrepancy—for instance, that a site has overcharged your credit card—call the retailer and ask them to correct the error. If they're unreceptive, contact your credit card company directly and they can help resolve the issue.

8. Don't Reload Confirmation Pages That Fail to Load
A site may accidentally charge you multiple times if you keep trying to reload a confirmation page. Instead, contact the retailer directly to make sure your order went through. You can also check your credit card statement to confirm a charge was posted.

9. Do Download an Anti-Phishing Toolbar
These are tools that track down fraudulent sites and alert you if you visit one that appears to be asking for information under false pretenses. Many are free; try Netcraft or MyWOT.com for protection.

10. Don't Use Your Personal or Business Email
Instead, both of our experts recommend setting up a separate address to use whenever a site requests it. You'll avoid overloading your inbox with messages from retailers, but will still be able to check out any special promotions or coupons they may be offering. Plus, if this address is ever hacked, you'll be jeopardizing less than if it were your primary one.